Home > Vulnerability Database > CVE-2022-21716

Mend.io Vulnerability Database

CVE-2022-21716

Good to know:

Date: March 2, 2022

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as "nc -rv localhost 22 < /dev/zero". A patch is available in version 22.2.0. There are currently no known workarounds.

Language: Python

Severity Score

7.5

Related Resources (19)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-21716

Url: https://github.com/twisted/twisted/commit/98387b39e9f0b21462f6abc7a1325dc370fcdeb1

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6

Url: https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2022-160.yaml

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K

Url: https://github.com/twisted/twisted/security/advisories/GHSA-rv6r-3f5q-9rgx

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6

Url: https://lists.debian.org/debian-lts-announce/2022/03/msg00009.html

Url: https://twistedmatrix.com/trac/ticket/10284

Url: https://github.com/twisted/twisted

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/

Url: https://www.oracle.com/security-alerts/cpuapr2022.html

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K

Url: https://github.com/twisted/twisted/commit/89c395ee794e85a9657b112c4351417850330ef9

Url: https://security.gentoo.org/glsa/202301-02

Url: https://github.com/twisted/twisted/releases/tag/twisted-22.2.0

Url: https://access.redhat.com/security/cve/CVE-2022-21716

Url: https://www.mend.io/vulnerability-database/CVE-2022-21716

Severity Score

7.5

Weakness Type (CWE)

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-120

Allocation of Resources Without Limits or Throttling

CWE-770

Top Fix

Upgrade Version

Upgrade to version twisted - 22.2.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-21716

Good to know:

Date: March 2, 2022

Language: Python

Severity Score

Related Resources (19)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?